Protecting financial and/or sensitive information, including payment card data, personal identification numbers (PINs) and personal identification information from fraud and theft, is a problem for many companies. The Payment Card Industry (PCI) is addressing some of the issues by providing security guidelines for payment peripherals that include card readers, keyboards containing card readers, and PIN entry devices. The PCI guidelines set minimum requirements for payment peripherals that include the use of encrypted data and management of encryption keys.
In addition to payment peripherals, there are other types of peripherals that are used to input valuable and/or sensitive information. For example, an optical code scanner can be used to read a barcode on a personal identification document that has sensitive personal information encoded in the barcode. In another example, a radio frequency identification (RFID) reader can be used to read an RFID chip located in a personal identification document or credit card that has sensitive financial or personal information. These peripherals are attached to a computer terminal used to process purchase and/or financial transactions.
These and other peripherals are used to read financial or sensitive information and certain methods and devices described herein are used to secure both the peripherals and the communications with the peripherals. When one of these peripherals fails, a new peripheral is installed in its place either by a customer service person dispatched to service the terminal or store personnel. However, the security methods will not recognize the new peripheral as an authorized secure peripheral and allow secure operations. The process to authorize the new peripheral can be time consuming and requires input from several parties.